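<?php
// Login / logout entry point for the application.
// The full opening tag is used on purpose: with short_open_tag disabled, a
// file that starts with the short tag is not executed and its source
// (queries included) is sent to the client as plain text.
session_start();
// NOTE(review): config.php presumably opens the database link used as $conn
// further down; confirm, since its contents are not visible from this file.
include("config.php");

// Request input is read through the $_POST / $_GET superglobals. The long
// $HTTP_*_VARS arrays depend on register_long_arrays and were removed in
// PHP 5.4; without them every value below would silently be empty.
// Non-string input (e.g. "username[]=x") is normalised to an empty string.
$show 	= (isset($_POST['cat']) && is_string($_POST['cat'])) ? $_POST['cat'] : '';
$logout	= (isset($_GET['logout']) && is_string($_GET['logout'])) ? $_GET['logout'] : '';

// Login form fields.
// NOTE(review): the stored credential is an unsalted MD5 digest, which is fast
// to brute-force if the S_User table leaks. Moving to a salted, slow hash needs
// a column change and a rehash-on-login migration, so the digest is left as is.
$pass	= md5((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '');
$user	= (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';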

//$_SESSION['user_login'] 	= $user;
//$_SESSION['id_sesi']		= session_id();
//$_SESSION['page']			= $_SESSION['user'].":".$_SESSION['id_sesi'];

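// Login handling: runs only when the posted form field "cat" equals "login".
if($show == "login"){

	// SECURITY: the username comes unmodified from the request and is placed
	// inside quoted SQL string literals in every query below. The mssql_*
	// functions used here take the query as one string, so the value is made
	// safe for a quoted T-SQL literal by doubling single quotes. The long-term
	// fix is a driver with bound parameters (PDO or sqlsrv).
	// $pass is an md5() hex digest; it is escaped the same way so this block
	// does not depend on how the value was produced.
	$user_sql	= str_replace("'", "''", (string) $user);
	$pass_sql	= str_replace("'", "''", (string) $pass);

	// Credential check: any row matching both username and password digest.
	// NOTE(review): this call relies on the default link while the queries
	// below pass $conn explicitly; confirm both refer to the same connection.
	$sql	= mssql_query("SELECT * FROM S_User WHERE username='$user_sql' AND password='$pass_sql' ");
	// A failed query returns false; it is treated as "no matching user" so the
	// login fails closed instead of calling mssql_num_rows() on a non-resource.
	$num	= $sql ? mssql_num_rows($sql) : 0;
	if($num > 0){
		// Issue a fresh session id at the privilege change so a session id
		// known before authentication cannot be reused afterwards.
		session_regenerate_id();
		$_SESSION['user_login'] 	= $user;

		// Privilege lookup for the "medical" menu (all five flags required).
		$smed = mssql_query("SELECT * FROM VPrivUser WHERE username='$user_sql' AND nama_menu='medical' AND baca='1' AND hapus='1' AND edit='1' AND tambah='1' AND approval='1'",$conn);
		// Privilege lookup for the "master_karyawan" (employee master) menu.
		$smst = mssql_query("SELECT * FROM VPrivUser WHERE username='$user_sql' AND nama_menu='master_karyawan' AND baca='1'",$conn);

		if($smst && mssql_num_rows($smst) > 0){
			$rmst = mssql_fetch_array($smst);
			// Column names are quoted: bare words are treated as constants,
			// raise notices on old PHP and are a fatal error on PHP 8.
			if($rmst['tambah'] == 1 && $rmst['edit'] == 1 && $rmst['hapus'] == 1 && $rmst['baca'] == 1 && $rmst['approval'] == 1){
				// All flags set: go to the employee list.
				header("Location: show.php?show=employee");
			}
			else{
				// Read access only: go to the user's own record. The value is
				// URL-encoded because it is request-derived text placed in a
				// query string.
				// NOTE(review): detailemp.php should authorise against the
				// session rather than trust the nik parameter; that cannot be
				// confirmed from this file.
				header("Location: detailemp.php?show=data_umum&nik=".urlencode($_SESSION['user_login']));
			}
			// Stop here: without exit the script keeps running after the
			// redirect header has been queued.
			exit;
		}
		elseif($smed && mssql_num_rows($smed) > 0){
			header("Location: show.php?show=medical");
			exit;
		}
		else{
			// No employee-master privilege: check the "cvonline" menu.
			$scvoon = mssql_query("SELECT * FROM VPrivUser WHERE username='$user_sql' AND nama_menu='cvonline'",$conn);
			if($scvoon && mssql_num_rows($scvoon) > 0){
				header("Location: ../form/frm_log_cvonline.php");
				exit;
			}
			// Otherwise no redirect is sent (a redirect to ../mainpage.php was
			// disabled in the original), so an authenticated user without any
			// of these privileges gets an empty response.
		}
	}
	else{
	// Wrong username or password: show the same generic message for both
	// cases so the response does not reveal which one was wrong.
	include("../headL.php");
		echo'
		<div style="color: red; position: relative; top: 100px;" align=center>
		 <table>
		  <tr>
		   <td></td>
		   <td align=center>
		   <img src="../images/error.png"><br><br>
		   Maaf, username atau password Anda salah ...<br><br>
		   [ <a href="Javascript:history.back();">silahkan kembali</a> ]
		   </td>
		  </tr>
		 </table>
		</div>
		';
	}
}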
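// Logout handling: runs when the query string carries logout=yes.
if($logout === "yes"){
	// Nothing else in this file clears the session, so printing the message
	// alone would leave $_SESSION['user_login'] valid after "logout". The
	// session data is emptied and the server-side session destroyed first.
	$_SESSION = array();
	session_destroy();
	include("../headL.php");
	// NOTE(review): the message below says "login"; it presumably was meant to
	// say "logout". The text is left unchanged pending confirmation.
	echo"
	 <div align=center><br><br>
	  ... Anda sudah login dari aplikasi ini ... <br><br>
	  [ <a href='../index.php'>klik disini untuk login kembali</a> ]
	 </div>
	";
}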
?>